lark-workflow-bitable-sync
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.
  - Ingestion points: Data is retrieved from source and target Lark tables using `lark-cli base +record-list` in Step 3 and Step 4.
  - Boundary markers: The instructions do not define clear delimiters or "ignore instructions" warnings for the data being passed to the AI for field mapping and comparison.
  - Capability inventory: The skill possesses the capability to modify data via `lark-cli base +record-upsert` in Step 6.
  - Sanitization: There is no evidence of sanitization or validation of the content within the table records before they are processed by the AI.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `lark-cli` command-line tool to perform all data operations. While these are legitimate actions for the skill's purpose, they represent the primary mechanism through which any potential injection could manifest as an unauthorized data write.
Audit Metadata